Reducing an attack surface doesn't guarantee a proportional increase in security, as not all code contributes equally to risk. Prioritizing the removal of high-risk, low-use features can significantly enhance security. Once a feature is in use, altering its risk profile becomes more challenging, emphasizing the need for careful consideration during the development process.